Thanks Mivaldi.

1) AV enforcement is per-protocol -> I assume this is only for the following 6 protocols, right? From the admin guide: "The Antivirus profile has decoders that detect and prevent viruses and malware from being transferred over six protocols: HTTP, SMTP, IMAP, POP3, FTP, and SMB"

2) If the above is correct, what is the below paragraph referring to, if there are only 6 decoders for AV? Why does the admin guide state that AV should be enabled "to all security policy rules that allow traffic", if there are only decoders for HTTP, SMTP, IMAP, POP3, FTP, and SMB?: "The reason to attach the best practice Antivirus profile to all security policy rules that allow traffic is to block known malicious files (malware, ransomware bots, and viruses) as they attempt to enter the network."

3) What would be the use case of enabling AV in a security policy for an app that is not HTTP, SMTP, IMAP, POP3, FTP, and SMB, if AV does not have a decoder for it?

Thanks.